Can I use certificates from Let’s Encrypt for code signing or email encryption?

No. Email encryption and code signing require a different type of certificate than Let’s Encrypt will be issuing.

No other usage than servers.

Now, for the second part: would it be better to use a trusted CA for client certificates? Well, not necessarily. It
depends on the application that’s using client certificate authentication.

Specifically, in my case, I use client auth for very simple apps and I am the only authorized user. Thanks to the
private CA, it’s extremely simple for the web server to authenticate a connection: if there’s a client certificate
signed by the private CA, then the connection is authenticated. Otherwise, there’s a fallback to basic auth.
And the apps that are protected this way don’t even need to check for the login data. They don’t even know that there
is some form of authentication that protects them 😉

With a trusted CA, there would be a few extra steps needed: the web server would have to check that the certificate is
valid, signed by the CA, hasn’t expired, and hasn’t been revoked. (No need for that with the private CA as I’m the only
one issuing certificates). Then it’s absolutely necessary to check that the user ID in the client certificate matches a
list of authorized IDs, to prevent other users that have client certificates issued by the same CA from logging in.

To be honest, it’s actually probably not a big deal, and I’m sure that it would only take a few lines to configure
lighttpd to do that. But it’s still a little bit more complicated than the private CA, for no practical advantage. And
you’d have to completely trust the CA, which can sometimes be complicated.
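The extra checks described above for a shared, publicly trusted CA, sketched as an added example (not the author's code or lighttpd configuration). It assumes the TLS layer has already verified the signature chain and handed over the certificate in the dict layout of Python's `ssl.SSLSocket.getpeercert()`; the issuer name, allowed ID, revoked serial and sample certificates are constructed.

```python
import ssl
from datetime import datetime, timezone

# Constructed policy values (assumptions, not from the original post).
ALLOWED_IDS = {"alice@example.org"}
EXPECTED_ISSUER_CN = "Example Public Client CA"
REVOKED_SERIALS = {"0BADC0DE"}

def _name(rdns, key):
    """Return the first value of `key` from a getpeercert() name tuple."""
    for rdn in rdns:
        for k, v in rdn:
            if k == key:
                return v
    return None

def authorize(peercert, now=None):
    """Decide whether a chain-verified client certificate may log in.

    Returns (allowed, reason_or_identity).
    """
    if not peercert:
        return False, "no client certificate"
    now = now if now is not None else datetime.now(timezone.utc).timestamp()
    if now < ssl.cert_time_to_seconds(peercert["notBefore"]):
        return False, "not yet valid"
    if now > ssl.cert_time_to_seconds(peercert["notAfter"]):
        return False, "expired"
    if _name(peercert["issuer"], "commonName") != EXPECTED_ISSUER_CN:
        return False, "unexpected issuer"
    if peercert["serialNumber"].upper() in REVOKED_SERIALS:
        return False, "revoked"
    # The step a private single-user CA can skip: other people hold valid
    # certificates from the same public CA, so the subject must be allowlisted.
    subject_id = _name(peercert["subject"], "emailAddress")
    if subject_id not in ALLOWED_IDS:
        return False, "subject not authorized"
    return True, subject_id

def sample_cert(email, serial="01", not_after="Jan  1 00:00:00 2031 GMT"):
    """Build a constructed certificate dict in getpeercert() layout."""
    return {
        "subject": ((("emailAddress", email),),),
        "issuer": ((("commonName", EXPECTED_ISSUER_CN),),),
        "serialNumber": serial,
        "notBefore": "Jan  1 00:00:00 2021 GMT",
        "notAfter": not_after,
    }
```
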